USN-3848-2

Advisory lineage Upstream: 8 Downstream: 0
Published: 20 Dec 2018, 23:42
Last modified:04 Feb 2026, 04:15

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

20 Dec 2018, 23:42
Published
Vulnerability first disclosed
04 Feb 2026, 04:15
Last Modified
Vulnerability information updated

Description

linux-lts-xenial, linux-aws vulnerabilities USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)

Affected Systems

  • ubuntulinux-aws

    < 4.4.0-1037.40

  • ubuntulinux-lts-xenial

    < 4.4.0-141.167~14.04.1

References (5)